Почему Spring Boot продолжает возвращать ошибку 403? - Цифровое Кемерово

Почему Spring Boot продолжает возвращать ошибку 403? ⇐ JAVA

Ответить

1 сообщение • Страница 1 из 1

Anonymous

Почему Spring Boot продолжает возвращать ошибку 403?

Цитата

Сообщение Anonymous » 28 сен 2024, 01:15

Я изучаю загрузку Spring и пытаюсь реализовать простую аутентификацию JWT в своем проекте, я проверил некоторые источники в Интернете и добавил необходимый код.
Однако я всегда получаю ошибку 403, даже когда я я вызываю правильную конечную точку и добавляю правильный токен носителя JWT, который я сгенерировал с помощью конечной точки "/login".
Кроме того, в этих случаях я получаю 403:

Вызов несуществующей конечной точки (возвращает 403 вместо 404)
Вызов конечной точки с недопустимым JWT Токен на предъявителя (или вообще без токена)/(Я должен получить 401 вместо 403)

Когда я добавляю конечную точку в белый список и вызываю ее , он работает нормально, и я получаю действительный ответ.
Вот зависимости, которые я использую

org.springframework.boot
spring-boot-starter-web

org.springframework.boot
spring-boot-starter-test
test

org.jetbrains
annotations
RELEASE
compile

org.apache.httpcomponents.client5
httpclient5
test

org.springframework.data
spring-data-jdbc
3.2.4
default

mysql
mysql-connector-java
8.0.33

org.springframework.boot
spring-boot-starter-web

org.apache.httpcomponents.client5
httpclient5
test

org.springframework.boot
spring-boot-starter-test
test

org.springframework.boot
spring-boot-starter

org.springframework.boot
spring-boot-starter-security

io.jsonwebtoken
jjwt
0.12.6

Вот добавленная мною конфигурация безопасности
//Package + Imported Classes
@Configuration
public class SecurityConfig {
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // Disable CSRF protection using the new method
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/login", "/token").permitAll()
.anyRequest().authenticated()
)
.httpBasic(httpBasic -> httpBasic.disable()); // Disable httpBasic

return http.build();
}

}

Вот служебный класс JWT, который я использую для создания токена носителя JWT
public class JwtUtil {

private static final String SECRET = "m28dE1dE34n9e+f4bc2894yf89oh2390fjp2om2v24i8hw=p03qeAdD/1lwH";
private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 24; //86,400,000 MS which means 24 hours

public static String generateToken(String username) {
return Jwts
.builder() //call the function that will build the JWT token
//.claims(extraClaims)
.subject(username)
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(getSignInKey())
.compact();
}

private static SecretKey getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
return Keys.hmacShaKeyFor(keyBytes);
}

public static String extractUsername(String token) {

return Jwts.parser()
.verifyWith(getSignInKey())
.build()
.parseSignedClaims(token)
.getPayload()
.getSubject();
}
}

Вот моя конечная точка /login
@RestController
public class LoginAndToken {

@PostMapping("/login")
public String login(@RequestBody String username, String password, String JWTToken) {
return JwtUtil.generateToken(username);
}

}

Вот журнал после включения ведения журнала безопасности
:: Spring Boot :: (v3.2.3)

2024-09-27T17:46:48.584+03:00 INFO 36328 --- [ main] c.e.restservice.RestServiceApplication : Starting RestServiceApplication using Java 22 with PID 36328 (D:\Spring boot\Trial 1\rest-service\target\classes started by abdre in D:\Spring boot\Trial 1\rest-service)
2024-09-27T17:46:48.587+03:00 INFO 36328 --- [ main] c.e.restservice.RestServiceApplication : No active profile set, falling back to 1 default profile: "default"
2024-09-27T17:46:49.777+03:00 INFO 36328 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 8080 (http)
2024-09-27T17:46:49.787+03:00 INFO 36328 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2024-09-27T17:46:49.788+03:00 INFO 36328 --- [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.19]
2024-09-27T17:46:49.851+03:00 INFO 36328 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2024-09-27T17:46:49.852+03:00 INFO 36328 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1206 ms
2024-09-27T17:46:50.110+03:00 TRACE 36328 --- [ main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration=org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration@3458eca5}
2024-09-27T17:46:50.114+03:00 WARN 36328 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: cdf57bb2-c345-4658-9763-084bb9121d71

This generated password is for development use only. Your security configuration must be updated before running your application in production.

2024-09-27T17:46:50.335+03:00 INFO 36328 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]
2024-09-27T17:46:50.553+03:00 INFO 36328 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 8080 (http) with context path ''
2024-09-27T17:46:50.561+03:00 INFO 36328 --- [ main] c.e.restservice.RestServiceApplication : Started RestServiceApplication in 2.447 seconds (process running for 2.832)
eccbc87e4b5ce2fe28308fd9f2a7baf3
2024-09-27T17:46:55.467+03:00 INFO 36328 --- [nio-8080-exec-5] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2024-09-27T17:46:55.467+03:00 INFO 36328 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2024-09-27T17:46:55.468+03:00 INFO 36328 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : Completed initialization in 0 ms
2024-09-27T17:46:55.501+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]] (1/1)
2024-09-27T17:46:55.503+03:00 DEBUG 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Securing POST /login
2024-09-27T17:46:55.504+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/11)
2024-09-27T17:46:55.505+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-09-27T17:46:55.511+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/11)
2024-09-27T17:46:55.516+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/11)
2024-09-27T17:46:55.519+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/11)
2024-09-27T17:46:55.520+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/11)
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (7/11)
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-09-27T17:46:55.524+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (9/11)
2024-09-27T17:46:55.525+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (10/11)
2024-09-27T17:46:55.525+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (11/11)
2024-09-27T17:46:55.526+03:00 TRACE 36328 --- [nio-8080-exec-5] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5f0f1c14]
2024-09-27T17:46:55.534+03:00 TRACE 36328 --- [nio-8080-exec-5] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5f0f1c14] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x000002c352411718@59c48c5
2024-09-27T17:46:55.536+03:00 DEBUG 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Secured POST /login
2024-09-27T17:46:55.674+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2024-09-27T17:46:55.676+03:00 TRACE 36328 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2024-09-27T17:46:55.677+03:00 TRACE 36328 --- [nio-8080-exec-5] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:46:55.677+03:00 TRACE 36328 --- [nio-8080-exec-5] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:46:55.678+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]] (1/1)
2024-09-27T17:47:01.931+03:00 DEBUG 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing GET /get-shorten-link
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (7/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (9/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (10/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (11/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@4ff8f49]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@4ff8f49] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@a3871a6
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:47:01.933+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2024-09-27T17:47:01.933+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.4.jar:6.1.4]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) ~[spring-security-config-6.2.2.jar:6.2.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at java.base/java.lang.Thread.run(Thread.java:1570) ~[na:na]

Подробнее здесь: https://stackoverflow.com/questions/790 ... -error-403

1727475340

Anonymous

Я изучаю загрузку Spring и пытаюсь реализовать простую аутентификацию JWT в своем проекте, я проверил некоторые источники в Интернете и добавил необходимый код.
Однако я всегда получаю ошибку 403, даже когда я я вызываю правильную конечную точку и добавляю правильный токен носителя JWT, который я сгенерировал с помощью конечной точки "/login".
Кроме того, в этих случаях я получаю 403:
[list]
[*]Вызов несуществующей конечной точки (возвращает 403 вместо 404)
[*]Вызов конечной точки с недопустимым JWT Токен на предъявителя (или вообще без токена)/(Я должен получить 401 вместо 403)
[/list]
Когда я добавляю конечную точку в белый список и вызываю ее , он работает нормально, и я получаю действительный ответ.
Вот зависимости, которые я использую
    

org.springframework.boot
spring-boot-starter-web


org.springframework.boot
spring-boot-starter-test
test


org.jetbrains
annotations
RELEASE
compile


org.apache.httpcomponents.client5
httpclient5
test


org.springframework.data
spring-data-jdbc
3.2.4
default


mysql
mysql-connector-java
8.0.33


org.springframework.boot
spring-boot-starter-web


org.apache.httpcomponents.client5
httpclient5
test


org.springframework.boot
spring-boot-starter-test
test




org.springframework.boot
spring-boot-starter



org.springframework.boot
spring-boot-starter-security



io.jsonwebtoken
jjwt
0.12.6 




Вот добавленная мною конфигурация безопасности
//Package + Imported Classes
@Configuration
public class SecurityConfig {
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // Disable CSRF protection using the new method
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/login", "/token").permitAll()
.anyRequest().authenticated()
)
.httpBasic(httpBasic -> httpBasic.disable());  // Disable httpBasic

return http.build();
}

}

Вот служебный класс JWT, который я использую для создания токена носителя JWT
public class JwtUtil {

private static final String SECRET = "m28dE1dE34n9e+f4bc2894yf89oh2390fjp2om2v24i8hw=p03qeAdD/1lwH";
private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 24; //86,400,000 MS which means 24 hours

public static String generateToken(String username) {
return Jwts
.builder() //call the function that will build the JWT token
//.claims(extraClaims)
.subject(username)
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(getSignInKey())
.compact();
}

private static SecretKey getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
return Keys.hmacShaKeyFor(keyBytes);
}

public static String extractUsername(String token) {

return Jwts.parser()
.verifyWith(getSignInKey())
.build()
.parseSignedClaims(token)
.getPayload()
.getSubject();
}
}

Вот моя конечная точка /login
@RestController
public class LoginAndToken {

@PostMapping("/login")
public String login(@RequestBody String username, String password, String JWTToken) {
return JwtUtil.generateToken(username);
}

}

Вот журнал после включения ведения журнала безопасности
 :: Spring Boot ::                (v3.2.3)

2024-09-27T17:46:48.584+03:00  INFO 36328 --- [           main] c.e.restservice.RestServiceApplication   : Starting RestServiceApplication using Java 22 with PID 36328 (D:\Spring boot\Trial 1\rest-service\target\classes started by abdre in D:\Spring boot\Trial 1\rest-service)
2024-09-27T17:46:48.587+03:00  INFO 36328 --- [           main] c.e.restservice.RestServiceApplication   : No active profile set, falling back to 1 default profile: "default"
2024-09-27T17:46:49.777+03:00  INFO 36328 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
2024-09-27T17:46:49.787+03:00  INFO 36328 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2024-09-27T17:46:49.788+03:00  INFO 36328 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.19]
2024-09-27T17:46:49.851+03:00  INFO 36328 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2024-09-27T17:46:49.852+03:00  INFO 36328 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1206 ms
2024-09-27T17:46:50.110+03:00 TRACE 36328 --- [           main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration=org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration@3458eca5}
2024-09-27T17:46:50.114+03:00  WARN 36328 --- [           main] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: cdf57bb2-c345-4658-9763-084bb9121d71

This generated password is for development use only.  Your security configuration must be updated before running your application in production.

2024-09-27T17:46:50.335+03:00  INFO 36328 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]
2024-09-27T17:46:50.553+03:00  INFO 36328 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 8080 (http) with context path ''
2024-09-27T17:46:50.561+03:00  INFO 36328 --- [           main] c.e.restservice.RestServiceApplication   : Started RestServiceApplication in 2.447 seconds (process running for 2.832)
eccbc87e4b5ce2fe28308fd9f2a7baf3
2024-09-27T17:46:55.467+03:00  INFO 36328 --- [nio-8080-exec-5] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2024-09-27T17:46:55.467+03:00  INFO 36328 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2024-09-27T17:46:55.468+03:00  INFO 36328 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet        : Completed initialization in 0 ms
2024-09-27T17:46:55.501+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]] (1/1)
2024-09-27T17:46:55.503+03:00 DEBUG 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Securing POST /login
2024-09-27T17:46:55.504+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/11)
2024-09-27T17:46:55.505+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-09-27T17:46:55.511+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/11)
2024-09-27T17:46:55.516+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/11)
2024-09-27T17:46:55.519+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/11)
2024-09-27T17:46:55.520+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/11)
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (7/11)
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache        : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-09-27T17:46:55.522+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-09-27T17:46:55.524+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        :  Invoking AnonymousAuthenticationFilter (9/11)
2024-09-27T17:46:55.525+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (10/11)
2024-09-27T17:46:55.525+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (11/11)
2024-09-27T17:46:55.526+03:00 TRACE 36328 --- [nio-8080-exec-5] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5f0f1c14]
2024-09-27T17:46:55.534+03:00 TRACE 36328 --- [nio-8080-exec-5] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5f0f1c14] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x000002c352411718@59c48c5
2024-09-27T17:46:55.536+03:00 DEBUG 36328 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Secured POST /login
2024-09-27T17:46:55.674+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2024-09-27T17:46:55.676+03:00 TRACE 36328 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2024-09-27T17:46:55.677+03:00 TRACE 36328 --- [nio-8080-exec-5] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:46:55.677+03:00 TRACE 36328 --- [nio-8080-exec-5] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:46:55.678+03:00 TRACE 36328 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@7e64c1a9, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fda2001, org.springframework.security.web.context.SecurityContextHolderFilter@c1050f2, org.springframework.security.web.header.HeaderWriterFilter@51e754e1, org.springframework.web.filter.CorsFilter@162c1dfb, org.springframework.security.web.authentication.logout.LogoutFilter@58324c9f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@738d37fc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6fa2448b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@21ae657b, org.springframework.security.web.access.ExceptionTranslationFilter@7fedb795, org.springframework.security.web.access.intercept.AuthorizationFilter@12f279b5]] (1/1)
2024-09-27T17:47:01.931+03:00 DEBUG 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /get-shorten-link
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/11)
2024-09-27T17:47:01.931+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (7/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache        :  matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (8/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (9/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (10/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (11/11)
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@4ff8f49]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@4ff8f49] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@a3871a6
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:47:01.932+03:00 TRACE 36328 --- [nio-8080-exec-4] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-09-27T17:47:01.933+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2024-09-27T17:47:01.933+03:00 TRACE 36328 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException:  Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)  ~[spring-security-web-6.2.2.jar:6.2.2]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.4.jar:6.1.4]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) ~[spring-security-config-6.2.2.jar:6.2.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.4.jar:6.1.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.4.jar:6.1.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)  ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat-embed-core-10.1.19.jar:10.1.19]
at java.base/java.lang.Thread.run(Thread.java:1570) ~[na:na]
 

Подробнее здесь: [url]https://stackoverflow.com/questions/79033042/why-spring-boot-keeps-returning-error-403[/url]

Ответить

1 сообщение • Страница 1 из 1

Быстрый ответ

Заголовок:

Имя пользователя:

Изменение регистра текста:

Смайлики

Ещё смайлики…

К этому ответу прикреплено по крайней мере одно вложение.

Если вы не хотите добавлять вложения, оставьте поля пустыми. Можно прикреплять файлы, перетаскивая их в окно сообщения.

Максимально разрешённый размер вложения: 15 МБ.

Имя файла:

Комментарий к файлу:

Имя файла	Комментарий к файлу	Размер	Статус

Вернуться в «JAVA»